[cfe-dev] Confused by analysis
Sebastian Redl
sebastian.redl at getdesigned.at
Wed Feb 25 09:20:09 PST 2009
Ben Laurie wrote:
> If I have a unit test like:
>
> // RUN: clang -analyze -analyzer-constraints=range -checker-cfref -verify %s
>
> void f2(int n) {
>   char *p = 0;
>   char a[10];
>
>   if (n < 1)
>     p = a;
>
>   if (n > 0)
>     *p = 'X'; // expected-warning{{Dereference of null pointer.}}
>
>   if (n >= -3)
>     *p = 'X'; // expected-warning{{Dereference of null pointer.}}
> }
>
It's not actually possible to dereference a null pointer in the second
case here. What are the options?

1) n < -3 --> if is not entered
2) -3 <= n < 1 --> p is not null
3) 1 <= n --> the null pointer dereference above already killed the program

I'm pretty sure the analyzer works under the assumption that null
pointer dereferences are unrecoverable.
Sebastian
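
The three cases in the reply above can be checked by walking `f2` for each `n` while tracking only whether `p` is null. The following is an added example, not part of the original message or of the Clang code base; the names `null_deref_sites`, `count_site`, `SITE1`, `SITE2` and the `deref_is_fatal` switch are hypothetical, and the switch exists only to contrast the "unrecoverable" assumption with its opposite.

```c
#include <stdio.h>

#define SITE1 1u /* first  *p = 'X' (guarded by n > 0)   */
#define SITE2 2u /* second *p = 'X' (guarded by n >= -3) */

/* Constructed model of f2: it never dereferences anything, it only
 * records at which sites p would be null when dereferenced.
 * deref_is_fatal = 1 ends the path at the first null dereference,
 * which is the assumption described in the reply. */
unsigned null_deref_sites(int n, int deref_is_fatal)
{
    unsigned sites = 0;
    int p_is_null = 1;              /* char *p = 0; */

    if (n < 1)
        p_is_null = 0;              /* p = a; */

    if (n > 0 && p_is_null) {
        sites |= SITE1;
        if (deref_is_fatal)
            return sites;           /* nothing after this point executes */
    }

    if (n >= -3 && p_is_null)
        sites |= SITE2;

    return sites;
}

/* Number of n in [lo, hi] for which `site` sees a null p. */
int count_site(int lo, int hi, unsigned site, int deref_is_fatal)
{
    int hits = 0;
    for (int n = lo; n <= hi; n++)
        if (null_deref_sites(n, deref_is_fatal) & site)
            hits++;
    return hits;
}

int main(void)
{
    for (int fatal = 1; fatal >= 0; fatal--)
        printf("fatal=%d  site1=%d  site2=%d\n", fatal,
               count_site(-10, 10, SITE1, fatal),
               count_site(-10, 10, SITE2, fatal));
    return 0;
}
```

With `deref_is_fatal = 1` the second site is never reached with a null `p`; it only shows up when the first dereference is treated as survivable.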